Chinese state hackers are targeting Taiwanese organizations, likely for espionage, in a difficult-to-detect campaign that relies on Windows utilities. Microsoft dubbed the threat actor Flax Typhoon in a Thursday blog post and said the hackers seek persistence, lateral movement and credential access.
Four years ago, federal regulators started sending a message to healthcare entities about the need to give patients timely access to their health records. Insurer UnitedHealthcare, the 45th firm penalized for potential "right to access" violations, agreed to an $80,000 fine and corrective action.
A new healthcare-focused research agency is seeking proposals for innovative cybersecurity technologies that can apply a national security approach to protecting this highly targeted civilian industry. Today's off-the-shelf software is falling short, the agency said.
Spain is set to launch Europe's first-ever artificial intelligence regulatory agency as the trading bloc finalizes legislation meant to mitigate risks and ban AI applications considered too risky. Madrid said its goal is to foster AI that is "inclusive, sustainable, and centered on citizens."
Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
Secure access service edge has evolved significantly over the past four years, transforming from a relatively new idea into a well-defined and widely discussed framework for network and security architecture. NetWitness focuses on integration rather than offering a SASE product.
While a significant number of attacks are not yet AI-driven, there's a noticeable shift in the creation of generative malware and lures for business email compromise, warned Ashan Willy, CEO at Proofpoint. LLMs are being used to create enticing lures in foreign languages to target broader audiences.
As the threat landscape continues to evolve, defenders need to shift their focus from individual wins to sustained proactive defenses. Resecurity COO Shawn Loveland proposes embracing a strategy of understanding and fighting adversaries in a constantly changing space - with no beginning and no end.
Malicious actors often devise ingenuous ways to infiltrate networks. Michael Sikorski, CTO and vice president of engineering of Unit 42 at Palo Alto Networks, shed light on an unconventional tactic deployed by Russian hackers: the Trojanization of legitimate advertisements.
Two financial services giants hit by the mass attack on MOVEit file-sharing software - Prudential and Schwab - are the latest victims to face lawsuits from affected individuals. The suit filed against Prudential seeks 10 years of prepaid identity theft monitoring services instead of the usual two.
Hackers are using a tool set that first appeared in 2020 and apparently was developed by Turkish speakers to deploy Scarab ransomware, said Eset researchers. They dubbed the threat actors behind it CosmicBeetle and assess with "high confidence" that they exploit the 2020 vulnerability ZeroLogon.
This week, a ransomware gang claimed responsibility for attacks on a multistate U.S. hospital chain, a cyberattack disrupted expat voting in Ecuador, Africa cracked down on cybercrime, Latitude Financial said its hacking incident cost AU$76 million, and new malware targeted macOS users.
A three-hospital health system serving the Mississippi Gulf Coast has resorted to paper charting and other manual processes for patient care as it deals with a cyberattack that forced it to take systems offline. The incident is the latest disruptive attack on a regional medical provider.
This week, charges were filed against Tornado Cash founders, the FBI found North Korean bitcoin wallets holding stolen cash, theft occurred in the Exactly and Harbor protocols, Venus Protocol liquidated a hacker's wallet, Terra paused operations, and Thailand threatened Meta over crypto scam ads.
Enterprises have been keenly exploring the potential of generative AI, deploying it to fuel innovation. But stealthy integration of AI features into products already owned by organizations has cybersecurity experts worried, said Jeff Pollard, vice president and principal analyst at Forrester.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.